{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-04-01T00:00:00", "descriptions": [{"lang": "en", "value": "FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the \"lang\" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl \"eval\" statement."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030917 Exploit: IkonBoard 3.1.1/3.1.2a arbitrary command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=106381136115972&w=2"}, {"name": "20030908 IkonBoard 3.1.2a arbitrary command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/336598"}, {"name": "20030401 IkonBoard v3.1.1: arbitrary command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/317234"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0770", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the \"lang\" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl \"eval\" statement."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030917 Exploit: IkonBoard 3.1.1/3.1.2a arbitrary command execution", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=106381136115972&w=2"}, {"name": "20030908 IkonBoard 3.1.2a arbitrary command execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/336598"}, {"name": "20030401 IkonBoard v3.1.1: arbitrary command execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/317234"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:05:12.563Z"}, "title": "CVE Program Container", "references": [{"name": "20030917 Exploit: IkonBoard 3.1.1/3.1.2a arbitrary command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=106381136115972&w=2"}, {"name": "20030908 IkonBoard 3.1.2a arbitrary command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/336598"}, {"name": "20030401 IkonBoard v3.1.1: arbitrary command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/317234"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0770", "datePublished": "2003-09-12T04:00:00", "dateReserved": "2003-09-09T00:00:00", "dateUpdated": "2024-08-08T02:05:12.563Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ikonboard.com:ikonboard:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3739756D-B9B0-48B6-8C45-FE9A36D203B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ikonboard.com:ikonboard:3.1.2a:*:*:*:*:*:*:*", "matchCriteriaId": "FCAB8510-C73D-4EFF-A657-F678F3D1C696", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the \"lang\" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl \"eval\" statement."}, {"lang": "es", "value": "FUNC.pm en IkonBoard 3.1.2a y anteriores, incluyendo 3.1.1, no limpia adecuadamente la galletita (cookie) \"lang\" cuando contiene caract\u00e9res ilegales, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario cuando la galletita se inserta en una sentencia Perl \"eval\"."}], "id": "CVE-2003-0770", "lastModified": "2024-11-20T23:45:29.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-09-22T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=106381136115972&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/317234"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/336598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=106381136115972&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/317234"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/336598"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}